homelab/roles/base/tasks/wireguard.yml

- name: Install WireGuard
  ansible.builtin.apt:
    name: wireguard
    state: present
    update_cache: true

- name: Generate WireGuard keys
  ansible.builtin.shell: |
    set -o pipefail
    wg genkey | tee privatekey | wg pubkey > publickey
  args:
    chdir: /etc/wireguard/
    creates: /etc/wireguard/privatekey
    executable: /usr/bin/bash

- name: Grab WireGuard private key for configuration
  ansible.builtin.slurp:
    src: /etc/wireguard/privatekey
  register: wgkey

- name: Install WireGuard configuration
  ansible.builtin.template:
    src: wireguard.j2
    dest: /etc/wireguard/wg0.conf
    mode: "400"
  notify: restart_wireguard

- name: Start WireGuard interface
  ansible.builtin.service:
    name: wg-quick@wg0
    state: started
    enabled: true

- name: Add WireGuard firewall rule
  community.general.ufw:
    rule: allow
    port: "{{ wireguard.listenport }}"
    proto: udp
  when: wireguard.listenport is defined
Add WireGuard VPN 2021-05-07 04:24:52 +00:00			`- name: Install WireGuard`
Updated Ansible tasks to FQCN format 2023-05-04 03:42:55 +00:00			`ansible.builtin.apt:`
Add WireGuard VPN 2021-05-07 04:24:52 +00:00			`name: wireguard`
			`state: present`
			`update_cache: true`

			`- name: Generate WireGuard keys`
Improvements for ansible-linting 2023-05-04 05:44:18 +00:00			`ansible.builtin.shell: \|`
			`set -o pipefail`
			`wg genkey \| tee privatekey \| wg pubkey > publickey`
Add WireGuard VPN 2021-05-07 04:24:52 +00:00			`args:`
			`chdir: /etc/wireguard/`
			`creates: /etc/wireguard/privatekey`
Update mediaserver playbook and fix Wireguard task 2023-06-08 07:47:54 +00:00			`executable: /usr/bin/bash`
Add WireGuard VPN 2021-05-07 04:24:52 +00:00
			`- name: Grab WireGuard private key for configuration`
Updated Ansible tasks to FQCN format 2023-05-04 03:42:55 +00:00			`ansible.builtin.slurp:`
Add WireGuard VPN 2021-05-07 04:24:52 +00:00			`src: /etc/wireguard/privatekey`
			`register: wgkey`

			`- name: Install WireGuard configuration`
Updated Ansible tasks to FQCN format 2023-05-04 03:42:55 +00:00			`ansible.builtin.template:`
Add WireGuard VPN 2021-05-07 04:24:52 +00:00			`src: wireguard.j2`
			`dest: /etc/wireguard/wg0.conf`
Update base role to pass linting 2023-10-21 01:30:25 +00:00			`mode: "400"`
Improvements for ansible-linting 2023-05-04 05:44:18 +00:00			`notify: restart_wireguard`
Add WireGuard VPN 2021-05-07 04:24:52 +00:00
			`- name: Start WireGuard interface`
Updated Ansible tasks to FQCN format 2023-05-04 03:42:55 +00:00			`ansible.builtin.service:`
Add WireGuard VPN 2021-05-07 04:24:52 +00:00			`name: wg-quick@wg0`
			`state: started`
			`enabled: true`
Add WireGuard firewall rule 2022-08-13 04:19:24 +00:00
			`- name: Add WireGuard firewall rule`
Updated Ansible tasks to FQCN format 2023-05-04 03:42:55 +00:00			`community.general.ufw:`
Add WireGuard firewall rule 2022-08-13 04:19:24 +00:00			`rule: allow`
			`port: "{{ wireguard.listenport }}"`
Fix WireGuard firewall rule 2023-06-15 07:09:13 +00:00			`proto: udp`
Add WireGuard firewall rule 2022-08-13 04:19:24 +00:00			`when: wireguard.listenport is defined`